Total
1094 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-3498 | 4 Canonical, Debian, Djangoproject and 1 more | 4 Ubuntu Linux, Debian Linux, Django and 1 more | 2024-08-04 | N/A |
| In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content. | ||||
| CVE-2019-1490 | 1 Microsoft | 1 Skype For Business | 2024-08-04 | 5.4 Medium |
| A spoofing vulnerability exists when a Skype for Business Server does not properly sanitize a specially crafted request, aka 'Skype for Business Server Spoofing Vulnerability'. | ||||
| CVE-2019-0319 | 1 Sap | 2 Gateway, Ui5 | 2024-08-04 | N/A |
| The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it's not. | ||||
| CVE-2019-0304 | 1 Sap | 5 Advanced Business Application Programming Platform Kernel, Advanced Business Application Programming Platform Krnl32nuc, Advanced Business Application Programming Platform Krnl32uc and 2 more | 2024-08-04 | N/A |
| FTP Function of SAP NetWeaver AS ABAP Platform, versions- KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, allows an attacker to inject code or specifically manipulated command that can be executed by the application. An attacker could thereby control the behaviour of the application. | ||||
| CVE-2020-36531 | 1 Ibm | 1 Sevone Network Performance Management | 2024-08-04 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in SevOne Network Management System up to 5.7.2.22. This issue affects the Device Manager Page. An injection leads to privilege escalation. The attack may be initiated remotely. | ||||
| CVE-2020-36618 | 1 Furqansofware | 1 Node Whois | 2024-08-04 | 6.3 Medium |
| A vulnerability classified as critical has been found in Furqan node-whois. Affected is an unknown function of the file index.coffee. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). It is possible to launch the attack remotely. The name of the patch is 46ccc2aee8d063c7b6b4dee2c2834113b7286076. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216252. | ||||
| CVE-2020-36308 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2024-08-04 | 5.3 Medium |
| Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries. | ||||
| CVE-2020-36144 | 1 Redash | 1 Redash | 2024-08-04 | 5.3 Medium |
| Redash 8.0.0 is affected by LDAP Injection. There is an information leak through the crafting of special queries, escaping the provided template since the username included in the search filter lacks sanitization. | ||||
| CVE-2020-28246 | 1 Form | 1 Form.io | 2024-08-04 | 9.8 Critical |
| A Server-Side Template Injection (SSTI) was discovered in Form.io 2.0.0. This leads to Remote Code Execution during deletion of the default Email template URL. NOTE: the email templating service was removed after 2020. Additionally, the vendor disputes this issue indicating this is sandboxed and only executable by admins. | ||||
| CVE-2020-35775 | 1 Citsmart | 1 Citsmart | 2024-08-04 | 9.8 Critical |
| CITSmart before 9.1.2.23 allows LDAP Injection. | ||||
| CVE-2020-35669 | 1 Dart | 1 Http | 2024-08-04 | 6.1 Medium |
| An issue was discovered in the http package through 0.12.2 for Dart. If the attacker controls the HTTP method and the app is using Request directly, it's possible to achieve CRLF injection in an HTTP request. | ||||
| CVE-2020-35608 | 1 Microsoft | 1 Azure Sphere | 2024-08-04 | 7.8 High |
| A code execution vulnerability exists in the normal world’s signed code execution functionality of Microsoft Azure Sphere 20.07. A specially crafted AF_PACKET socket can cause a process to create an executable memory mapping with controllable content. An attacker can execute a shellcode that uses the PACKET_MMAP functionality to trigger this vulnerability. | ||||
| CVE-2020-35564 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2024-08-04 | 7.5 High |
| An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an outdated and unused component allowing for malicious user input of active code. | ||||
| CVE-2020-35213 | 1 Atomix | 1 Atomix | 2024-08-04 | 8.1 High |
| An issue in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via false link event messages sent to a master ONOS node. | ||||
| CVE-2020-29655 | 1 Asus | 2 Rt-ac88u, Rt-ac88u Firmware | 2024-08-04 | 7.5 High |
| An injection vulnerability exists in RT-AC88U Download Master before 3.1.0.108. Accessing Main_Login.asp?flag=1&productname=FOOBAR&url=/downloadmaster/task.asp will redirect to the login site, which will show the value of the parameter productname within the title. An attacker might be able to influence the appearance of the login page, aka text injection. | ||||
| CVE-2020-28949 | 5 Debian, Drupal, Fedoraproject and 2 more | 6 Debian Linux, Drupal, Fedora and 3 more | 2024-08-04 | 7.8 High |
| Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed. | ||||
| CVE-2020-28031 | 1 Eramba | 1 Eramba | 2024-08-04 | 4.3 Medium |
| eramba through c2.8.1 allows HTTP Host header injection with (for example) resultant wkhtml2pdf PDF printing by authenticated users. | ||||
| CVE-2020-27687 | 1 Thingsboard | 1 Thingsboard | 2024-08-04 | 8.8 High |
| ThingsBoard before v3.2 is vulnerable to Host header injection in password-reset emails. This allows an attacker to send malicious links in password-reset emails to victims, pointing to an attacker-controlled server. Lack of validation of the Host header allows this to happen. | ||||
| CVE-2020-27602 | 1 Bigbluebutton | 1 Bigbluebutton | 2024-08-04 | 9.8 Critical |
| BigBlueButton before 2.2.7 does not have a protection mechanism for separator injection in meetingId, userId, and authToken. | ||||
| CVE-2020-27627 | 1 Jetbrains | 1 Teamcity | 2024-08-04 | 6.1 Medium |
| JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection. | ||||